Step-by-step guidance for individuals, businesses and accountable institutions — covering signup, document requests, OTP consent, the audit trail, and how your data stays private by default.
FICAVault is a compliance passport for South African individuals and businesses. Upload your FICA/KYC documents once, keep them current with automatic expiry reminders, and share them securely with banks, advisors, attorneys, accountants, brokers and other accountable institutions only when you explicitly approve the request.

Every account is free to create. You only pay when you add a business, trust or linked client.
| Type | Best for | Pricing |
|---|---|---|
| Individual | One person building a personal FICA passport. | Free forever. Pro adds notifications & audit export at R 49 / month. |
| Business | Companies, close corporations and trusts with directors and beneficial owners. | Free to explore. R 100 / month unlocks 2 entities, +R 30 per extra entity. |
| Institution | Banks, advisors, attorneys, accountants and other accountable institutions. | Free to explore. R 1 499 / month covers 25 linked clients, +R 250 per extra 25. |

Signup takes about a minute and no card is required.
Click Get started anywhere on the site, or go directly to /auth/signup.

Choose Individual, Business or Institution. The description and pricing update to match your choice. You can change type later by contacting support if needed.
Enter your full name (contact name for Business/Institution), a working email address, your mobile number, and a strong password.
Tick the box to accept the Terms of Service, Privacy Policy and POPIA Notice. The Create free account button unlocks once the box is ticked.

Click Create free account. We create your account and send a confirmation email to the address you supplied.
Within a minute of signup you'll receive an email from no-reply@ficavault.app with the subject Confirm your email for FICAVault.

Click Verify Email — you'll be redirected to your new dashboard.
Every user is guided through a short onboarding on first login:

After your first sign-in FICAVault walks you through a seven-step wizard that builds your compliance profile. You can leave and return at any time — every answer is saved as you go, and the progress bar at the top shows exactly where you are.
The seven steps in order are:
Your Individual dashboard shows five things: your vault, your profile, your share requests inbox, your expiry tracker, and your audit log.



A Business account groups multiple entities under one owner. Each entity has its own vault, directors, shareholders and beneficial owners.
Institutions use FICAVault to request documents from clients and to keep an organised, auditable record of what was collected and when.
A request has a clear lifecycle so both sides always know where they stand:
Pending
Institution has requested docs. Client sees a card in their inbox and gets an email.
Approved (OTP)
Client entered the OTP. Institution can now view the specific documents that were approved — nothing else.
Denied
Client declined. Institution can send a new request with a reason, or stop.
Accessed
Institution downloaded or viewed a document. Timestamp and IP are logged.
Expired
Approval window elapsed. Institution must request again.
Revoked
Client withdrew consent. Institution loses access immediately.

Whenever an institution requests documents, FICAVault:
For ad-hoc sharing that isn't tied to an existing request, use a share link — see the full step-by-step walkthrough in the next section.

Every meaningful action in FICAVault is written to an append-only audit log. Nothing can be deleted or edited retroactively.
What is logged:
What is captured per event: who, what, when (UTC), source IP, user-agent and a stable event ID.
Individuals see their own log under Dashboard → Audit. Institutions can filter by client, team member or date and export the log as a compliance pack (CSV + PDF).


FICAVault emails you (and optionally SMS on Pro) at these moments:
Fine-tune what you receive under Dashboard → Security → Notifications, or unsubscribe from a specific email using the link in its footer.
Because your vault holds identity documents, we strongly recommendturning on two-factor authentication. With 2FA on, signing in requires both your password and a six-digit code from an authenticator app (Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.). A leaked password alone can't open your account.
Sign in and click Security & 2FA in the sidebar.
Click Add authenticator. A QR code and a text secret appear. Open your authenticator app, tap Add account, and scan the QR (or paste the secret if scanning isn't possible).
Type the current six-digit code from the app back into FICAVault. As soon as it verifies, 2FA is active and you'll see a green Two-factor authentication is oncard. From now on every sign-in asks for a fresh code.

Every 2FA event — enrolment, removal, successful and failed code challenge — is written to your audit log (section 14).
Every account is free to create and explore. You are only charged when you actively use paid capacity:
Invoices are available under Dashboard → Billing. You can downgrade or cancel at any time; access remains until the paid period ends.
Check spam and promotions. Add no-reply@ficavault.app to your contacts. If nothing arrives after 15 minutes, sign in and use 'Resend verification', or contact support.
Confirm your mobile number under Profile → Contact. Try the email OTP fallback. Some networks delay international-format numbers — allow up to two minutes before requesting a resend.
Codes rotate every 30 seconds — make sure your phone's clock is set to automatic network time. If it still fails, try the next code (wait for it to change) or contact support to reset the factor.
Check they're using the exact email address you entered when creating the link, and the current passcode. If the link is expired, revoked, or the download cap is reached, create a new one.
Dashboard → Security → Change email. You'll be sent a confirmation link at the new address, and a notification at the old one.
Yes. Deselect items on the approval screen before entering the OTP. Only the ticked documents are unlocked.
Dashboard → Security → Close account. You have 30 days to export your documents; after that they are deleted, subject to any legal retention requirement.
Can't find what you need?